Re: [dane] Second WGLC draft-ietf-dane-smime
"John Levine" <johnl@taugh.com> Mon, 21 November 2016 14:58 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dane/pi52nMtp2iXNkt8vvR5fyxbT-YI>
Hi, Simson.

>To summarize the answer I received, there was concern that some email users might be using a legacy email account, not trust
>their mail provider, and want the assurance of an end-to-end encryption that is asserted by a trustworthy CA.

That's not really what I said. If you're going to quote me, please quote me.

>I’ve thought about this response over the weekend and do not find it credible. This answer presupposes a CA system that is
>not the one that we have. Most CA S/MIME providers authenticate users based on their ability to receive email at a given
>address. So a hostile email provider intent on intercepting encrypted email could easily spoof even a trusted CA provider
>into issuing a bogus certificate.

I certainly wouldn't disagree that the current public CA system is screwed up. On the other hand, there are non-public or semi-public CAs that seem to work OK, like the DOD's. This is throwing out the baby with the bathwater.

But in any event, to return to my original objection, it seems quite clear that the assumption in this document is that domains are authorities for the identities of their users. It should say that in so many words rather than dancing around it.

R's,
John